Appendix A 


RISK ASSESSMENT METHODOLOGY


1. STRATEGIC RISKS IDENTIFICATION 

• Identify the strategic objectives of the municipality

• These should be the same as in the Integrated Development Plan (IDP)

• For each strategic objective, identify a strategic risk to address the non-achievement of the 
objective 

2. OPERATIONAL RISKS IDENTIFICATION 

• Identify the Directorates in the municipality 

• For each directorate, identify the various departments. 

• Identify the objective for each department. This should be linked to the municipality's main
objectives as per the IDP

• For each operational objective, identify the operational risks to address the non-achievement of 
the objective 

3. ASSESSMENTS

Workshops 

o Explain the Likelihood and Impact ratings, 
o Identify or reconfirm the objectives for the area under review, 
o What could go wrong that would cause the objective not to be met? 
o Rate the risk without taking controls into consideration. (Inherent risk rating) 
o Evaluate the inherent rating based on the tolerance level. 

o If the risk is higher than the tolerance level, identify the current controls and rate their
effectiveness (Residual risk rating)

o Evaluate the residual rating based on the tolerance level, 
o If it is still higher than the tolerance level decide on one of the following actions: 

■ Transfer - Transfer the risk to another party, e.g. insurance or contracting out

■ Tolerate - Accept the risk (might be too expensive to treat the risk further)

■ Treat - Implement further controls 

■ Terminate - End the process 

o Determine actions to monitor actions 

Self-assessments 

o Provide the department with a previous copy of their risk register and the likelihood and
impact rating scales.

o The department confirms that there were no changes in the period of review or makes the
necessary changes